Yeah, I can get behind that school of thought. Good points made, and given full ability to pick and choose, I'd lean away from SAML, but it is one of the more widely supported options for SSO.
Specifically here, I was thinking about SSO for external services, like a SaaS product, especially one without an on-prem variant that could run on Cloudron, so that you can make the Cloudron user store an authoritative source of truth for necessarily off-Cloudron products.

Docker has recently been updated on the cloudron buildserver, which means multi stage builds and COPY --from now works within Dockerfiles.
I have a longer train ride on friday, maybe I can now make something happen with Bitwarden_rs.

I built a beta build for this, it can be installed using:
cloudron install --image mitchellurgero/org.urgero.codeserver:0.0.2
Check post install information for details!!! Do not run on production system, etc etc.
Edit 1:
GitHub Link: https://github.com/mitchellurgero/cloudron-vscode
Docker-Hub Link: https://cloud.docker.com/u/mitchellurgero/repository/docker/mitchellurgero/org.urgero.codeserver